." ex: set tabstop=4 ai expandtab softtabstop=4 shiftwidth=4:
." -*- mode: c-basic-indent: 4; tab-width: 4; indent-tabs-mode: nil -*-
." The first line of this file must contain the '"[e][r][t][v] line
." to tell man to run the appropriate filter "t" for table.
." vim: set filetype=nroff :
."
."    $Id$
."
."######################################################################
."#                                                                    #
."#                        Copyright (C)  2007                         #
."#                            Internet2                               #
."#                        All Rights Reserved                         #
."#                                                                    #
."######################################################################
."
."    File:        owping_conn_opts.man
."
."    Author:      Jeff W. Boote
."                 Internet2
."
."    Date:        Sat Feb 24 03:57:37 MST 2007
."
."    Description:    
."      This file is included into owping.1, owfetch.1, owup.1 and
."      is not useful as a man-page on its own.
."
.SS Connection/Authentication Options:
.TP
\fB\-4\fR
.br
Forces OWAMP clients to use IPv4 addresses only.
.RS
.IP Default:
Unset. OWAMP will use IPv4 or IPv6 address, but tries IPv6 first. 
.RE
.TP
\fB\-6\fR
.br
Forces OWAMP clients to use IPv6 addresses only.
.RS
.IP Default:
Unset. OWAMP will use IPv4 or IPv6 address, but tries IPv6 first. 
.RE
.TP
\fB\-A\fR \fIauthmode\fB
.br
Specify the authentication modes the client is willing to use for
communication. \fIauthmode\fR should be set as a character string with
any or all of the characters "AEO". The modes are:
.RS
.IP \fBA\fR
[\fBA\fR]uthenticated. This mode encrypts the control connection and
digitally signs part of each test packet.
.IP \fBE\fR
[\fBE\fR]ncrypted. This mode encrypts the control connection and
encrypts each test packet in full. This mode forces an encryption step
between the fetching of a timestamp and when the packet is sent. This
adds more computational delay to the time reported by \fBOWAMP\fR for each
packet.
.IP \fBO\fR
[\fBO\fR]pen. No encryption of any kind is done.
.PP
The client can specify all the modes with which it is willing to communicate.
The most strict mode that both the \fBOWAMP\fR server and the \fBOWAMP\fR
client are willing to use
will be selected. Authenticated and Encrypted modes require a "shared secret"
in the form of a pass-phrase that is used to generate the AES and HMAC-SHA1
session keys.
.IP Default:
"AEO".
.RE
.TP
\fB\-k\fR \fIpfsfile\fR
.br
Use the pass-phrase in \fIpfsfile\fR for
\fIusername\fR to derive the symmetric AES key used for encryption.
\fIusername\fR must have a valid entry in \fIpfsfile\fR.
\fIpfsfile\fR can be generated as described in the pfstore(1) manual
page.
.RS
.IP Default:
Unset. (If the \fB\-u\fR option was specified without the \fB-k\fR, the
user will be prompted for a \fIpassphrase\fR.)
.RE
.TP
\fB\-S\fR \fIsrcaddr\fR
.br
Bind the local address of the client socket to \fIsrcaddr\fR. \fIsrcaddr\fR
can be specified using a DNS name or using standard textual notations for
the IP addresses. (IPv6 addresses are of course supported.)
.RS
.IP Default:
Unspecified (wild-card address selection).
.RE
.TP
\fB\-u\fR \fIusername\fR
.br
Specify the username that identifies the shared secret (pass-phrase)
used to derive the AES and HMAC-SHA1 session keys for
authenticated and encrypted modes. If the \fB\-k\fR option is specified,
the pass-phrase is retrieved from the \fIpfsfile\fR,
otherwise the user is prompted for a pass-phrase.
.RS
.IP Default:
Unset.
.RE
